* 'master' of git://git.distorted.org.uk/~mdw/ca:
lib/func.tcl: Hack output of `openssl dgst -hex'.
etc/openssl.conf: Allow `keyEncipherment' for TLS clients.
###--------------------------------------------------------------------------
### Defaults.
-RANDFILE = /dev/urandom
+RANDFILE = /dev/random
db_suffix =
###--------------------------------------------------------------------------
[tls-client-extensions]
basicConstraints = critical, CA:FALSE
- keyUsage = critical, digitalSignature
+ keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always